Skip to content

[JSC][Temporal] Fix crash in Temporal.PlainMonthDay.from with very large string input#66887

Open
hyjorc1 wants to merge 1 commit into
WebKit:mainfrom
hyjorc1:eng/JSC-Temporal-Fix-crash-in-Temporal-PlainMonthDay-from-with-very-large-string-input
Open

[JSC][Temporal] Fix crash in Temporal.PlainMonthDay.from with very large string input#66887
hyjorc1 wants to merge 1 commit into
WebKit:mainfrom
hyjorc1:eng/JSC-Temporal-Fix-crash-in-Temporal-PlainMonthDay-from-with-very-large-string-input

Conversation

@hyjorc1

@hyjorc1 hyjorc1 commented Jun 10, 2026
edited by webkit-early-warning-system
Loading

Copy link
Copy Markdown
Contributor

e805398

[JSC][Temporal] Fix crash in Temporal.PlainMonthDay.from with very large string input
https://bugs.webkit.org/show_bug.cgi?id=316805
rdar://179110736

Reviewed by NOBODY (OOPS!).

fromMonthDayString used makeString to include the user-supplied string
in the RangeError message. makeString calls WTFCrash on allocation
failure, so passing a very large string (e.g. ~2 GB) caused a crash
instead of a clean RangeError.

Fix by using tryMakeString with a static fallback message, matching the
pattern already used in fromYearMonthString.

Test: JSTests/stress/temporal-plainmonthday-from-large-string.js

e805398

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows Apple Internal
✅ 🧪 style ✅ 🛠 ios loading 🛠 mac ✅ 🛠 wpe ⏳ 🛠 win ⏳ 🛠 ios-apple
✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug ⏳ 🧪 wpe-wk2 ⏳ 🧪 win-tests ⏳ 🛠 mac-apple
✅ 🧪 webkitperl ⏳ 🧪 ios-wk2 loading 🧪 api-mac ⏳ 🧪 api-wpe ⏳ 🛠 vision-apple
⏳ 🧪 ios-wk2-wpt ⏳ 🧪 api-mac-debug ✅ 🛠 gtk3-libwebrtc
⏳ 🛠 🧪 jsc-x86-64 ⏳ 🧪 api-ios loading 🧪 mac-wk1 ✅ 🛠 gtk
⏳ 🛠 🧪 jsc-debug-arm64 ⏳ 🛠 ios-safer-cpp loading 🧪 mac-wk2 ⏳ 🧪 gtk-wk2
✅ 🛠 vision ⏳ 🧪 mac-AS-debug-wk2 ⏳ 🧪 api-gtk
✅ 🛠 vision-sim loading 🧪 mac-wk2-stress ✅ 🛠 playstation
✅ 🧪 vision-wk2 loading 🧪 mac-intel-wk2 ✅ 🛠 jsc-armv7
✅ 🛠 tv ⏳ 🛠 mac-safer-cpp loading 🧪 jsc-armv7-tests
✅ 🛠 tv-sim loading 🧪 mac-site-isolation
✅ 🛠 watch
✅ 🛠 watch-sim

@hyjorc1 hyjorc1 requested a review from a team as a code owner June 10, 2026 17:38
@hyjorc1 hyjorc1 self-assigned this Jun 10, 2026
@hyjorc1 hyjorc1 added the New Bugs Unclassified bugs are placed in this component until the correct component can be determined. label Jun 10, 2026
@webkit-early-warning-system

webkit-early-warning-system commented Jun 10, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

EWS run on previous version of this PR (hash 779631c)

Details

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows Apple Internal
✅ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ✅ 🛠 wpe ⏳ 🛠 win ⏳ 🛠 ios-apple
✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug 🧪 wpe-wk2 ⏳ 🧪 win-tests ⏳ 🛠 mac-apple
✅ 🧪 webkitperl 🧪 ios-wk2 ⏳ 🧪 api-mac ✅ 🧪 api-wpe loading 🛠 vision-apple
⏳ 🧪 ios-wk2-wpt ⏳ 🧪 api-mac-debug ✅ 🛠 gtk3-libwebrtc
⏳ 🛠 🧪 jsc-x86-64 ⏳ 🧪 api-ios ✅ 🧪 mac-wk1 ✅ 🛠 gtk
⏳ 🛠 🧪 jsc-debug-arm64 ⏳ 🛠 ios-safer-cpp ✅ 🧪 mac-wk2 🧪 gtk-wk2
✅ 🛠 vision 🧪 mac-AS-debug-wk2 ⏳ 🧪 api-gtk
✅ 🛠 vision-sim ✅ 🛠 playstation
✅ 🧪 vision-wk2 ⏳ 🧪 mac-intel-wk2 ✅ 🛠 jsc-armv7
✅ 🛠 tv ⏳ 🛠 mac-safer-cpp ✅ 🧪 jsc-armv7-tests
✅ 🛠 tv-sim ✅ 🧪 mac-site-isolation
✅ 🛠 watch
✅ 🛠 watch-sim

Achierius
Achierius approved these changes Jun 10, 2026
View reviewed changes

@Achierius Achierius left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

r=me

@hyjorc1
[JSC][Temporal] Fix crash in Temporal.PlainMonthDay.from with very la…
e805398 
…rge string input

https://bugs.webkit.org/show_bug.cgi?id=316805
rdar://179110736

Reviewed by NOBODY (OOPS!).

fromMonthDayString used makeString to include the user-supplied string
in the RangeError message. makeString calls WTFCrash on allocation
failure, so passing a very large string (e.g. ~2 GB) caused a crash
instead of a clean RangeError.

Fix by using tryMakeString with a static fallback message, matching the
pattern already used in fromYearMonthString.

Test: JSTests/stress/temporal-plainmonthday-from-large-string.js
@hyjorc1 hyjorc1 force-pushed the eng/JSC-Temporal-Fix-crash-in-Temporal-PlainMonthDay-from-with-very-large-string-input branch from 779631c to e805398 Compare June 10, 2026 19:14
@webkit-early-warning-system

webkit-early-warning-system commented Jun 10, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

EWS run on current version of this PR (hash e805398)

Details

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows Apple Internal
✅ 🧪 style ✅ 🛠 ios loading 🛠 mac ✅ 🛠 wpe ⏳ 🛠 win ⏳ 🛠 ios-apple
✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug ⏳ 🧪 wpe-wk2 ⏳ 🧪 win-tests ⏳ 🛠 mac-apple
✅ 🧪 webkitperl ⏳ 🧪 ios-wk2 loading 🧪 api-mac ⏳ 🧪 api-wpe ⏳ 🛠 vision-apple
⏳ 🧪 ios-wk2-wpt ⏳ 🧪 api-mac-debug ✅ 🛠 gtk3-libwebrtc
⏳ 🛠 🧪 jsc-x86-64 ⏳ 🧪 api-ios loading 🧪 mac-wk1 ✅ 🛠 gtk
⏳ 🛠 🧪 jsc-debug-arm64 ⏳ 🛠 ios-safer-cpp loading 🧪 mac-wk2 ⏳ 🧪 gtk-wk2
✅ 🛠 vision ⏳ 🧪 mac-AS-debug-wk2 ⏳ 🧪 api-gtk
✅ 🛠 vision-sim loading 🧪 mac-wk2-stress ✅ 🛠 playstation
✅ 🧪 vision-wk2 loading 🧪 mac-intel-wk2 ✅ 🛠 jsc-armv7
✅ 🛠 tv ⏳ 🛠 mac-safer-cpp loading 🧪 jsc-armv7-tests
✅ 🛠 tv-sim loading 🧪 mac-site-isolation
✅ 🛠 watch
✅ 🛠 watch-sim

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Achierius Achierius Achierius approved these changes

Assignees

@hyjorc1 hyjorc1

Labels

New Bugs Unclassified bugs are placed in this component until the correct component can be determined.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hyjorc1 @webkit-early-warning-system @Achierius